Linux Netfilter discussions
* Understanding how nat works
@ 2004-09-21 14:02 Dominic Iadicicco
  2004-09-21 14:15 ` Eric Leblond
  2004-09-21 14:47 ` Aleksandar Milivojevic
  0 siblings, 2 replies; 5+ messages in thread
From: Dominic Iadicicco @ 2004-09-21 14:02 UTC (permalink / raw)
  To: netfilter

Hello all,

I am new at iptables and am trying to learn for future
projects. For an experiment I tried this.

"iptables -t nat -A POSTROUTING -s 172.16.12.131 -o
eth0 -j SNAT --to 172.16.12.167"

This is all on a 172.16.12.x subnet.

From the same machine I then tried to ping
172.16.12.200 and I got nowhere.  When I deleted the
rule it worked fine.

Could someone tell me where I went wrong and/or maybe
point me in the right direction.

Thanks 

Dominic Iadicicco


		

* Re: Understanding how nat works
  2004-09-21 14:02 Understanding how nat works Dominic Iadicicco
@ 2004-09-21 14:15 ` Eric Leblond
  2004-09-21 14:30   ` Dominic Iadicicco
  2004-09-21 14:47 ` Aleksandar Milivojevic
  1 sibling, 1 reply; 5+ messages in thread
From: Eric Leblond @ 2004-09-21 14:15 UTC (permalink / raw)
  To: Dominic Iadicicco; +Cc: netfilter

On Tue, 2004-09-21 at 16:02, Dominic Iadicicco wrote:
> "iptables -t nat -A POSTROUTING -s 172.16.12.131 -o
> eth0 -j SNAT --to 172.16.12.167"

So when packets leave your computer they come from 172.16.12.167?
This is not an IP of your computer; it cannot receive the answer.
-- 
Eric Leblond <eric@inl.fr>
INL




* Re: Understanding how nat works
  2004-09-21 14:15 ` Eric Leblond
@ 2004-09-21 14:30   ` Dominic Iadicicco
  0 siblings, 0 replies; 5+ messages in thread
From: Dominic Iadicicco @ 2004-09-21 14:30 UTC (permalink / raw)
  To: netfilter

Oh ya.  That would make sense. :)

I know it doesn't sound like much but it kicked some
thought into gear.

Thanks
--- Eric Leblond <eric@inl.fr> wrote:

> On Tue, 2004-09-21 at 16:02, Dominic Iadicicco wrote:
> > "iptables -t nat -A POSTROUTING -s 172.16.12.131 -o
> > eth0 -j SNAT --to 172.16.12.167"
> 
> So when packets leave your computer they come from 172.16.12.167?
> This is not an IP of your computer; it cannot receive the answer.
> -- 
> Eric Leblond <eric@inl.fr>
> INL
> 
> 



* Re: Understanding how nat works
  2004-09-21 14:02 Understanding how nat works Dominic Iadicicco
  2004-09-21 14:15 ` Eric Leblond
@ 2004-09-21 14:47 ` Aleksandar Milivojevic
  1 sibling, 0 replies; 5+ messages in thread
From: Aleksandar Milivojevic @ 2004-09-21 14:47 UTC (permalink / raw)
  To: netfilter

Dominic Iadicicco wrote:
> Hello all,
> 
> I am new at iptables and am trying to learn for future
> projects. For an experiment I tried this.
> 
> "iptables -t nat -A POSTROUTING -s 172.16.12.131 -o
> eth0 -j SNAT --to 172.16.12.167"
> 
> This is all on a 172.16.12.x subnet.
> 
> From the same machine I then tried to ping
> 172.16.12.200 and I got nowhere.  When I deleted the
> rule it worked fine.

What machine has 172.16.12.167?  Usually you should SNAT only to an
address that is assigned to the machine/interface where you are SNATing.

-- 
Aleksandar Milivojevic <amilivojevic@pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7



* RE: Understanding how nat works
@ 2004-09-21 16:46 Daniel Chemko
  0 siblings, 0 replies; 5+ messages in thread
From: Daniel Chemko @ 2004-09-21 16:46 UTC (permalink / raw)
  To: Aleksandar Milivojevic, netfilter

>> From the same machine I then tried to ping
>> 172.16.12.200 and I got nowhere.  When I deleted the
>> rule it worked fine.
> 
> What machine has 172.16.12.167?  Usually you should SNAT only to an
> address that is assigned to the machine/interface where you are SNATing.

Try to read into ProxyARP. It will give you some insights as to why what
you describe doesn't work without either proxyARP or the IP address
bound to your network card.
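
The check the replies above describe, as an added example that is not part of the original thread: it flags SNAT rules whose target address is not bound to any local interface. The helper names and the sample rule and address listings are constructed, the rule uses the `--to-source` spelling that `iptables -S` prints for `--to`, and the /24 prefix is an assumption based on the "172.16.12.x subnet" in the first message.

```shell
#!/bin/sh
# Added example: flag SNAT rules that rewrite to an address this host does not own.
# Sample data below is constructed to mirror the rule and subnet in the thread.
SAMPLE_RULES='-A POSTROUTING -s 172.16.12.131/32 -o eth0 -j SNAT --to-source 172.16.12.167
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 172.16.12.131'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 172.16.12.131/24 brd 172.16.12.255 scope global eth0'

# local_addrs (hypothetical helper): read `ip -o -4 addr show` style lines on
# stdin and print each bound IPv4 address without its prefix length.
local_addrs() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "inet") { split($(i + 1), a, "/"); print a[1] } }'
}

# unowned_snat RULES ADDRS (hypothetical helper): print every SNAT target
# address in RULES that is not bound to an interface listed in ADDRS.
unowned_snat() {
    owned=$(printf '%s\n' "$2" | local_addrs | tr '\n' ' ')
    printf '%s\n' "$1" | awk -v owned="$owned" '
        BEGIN { n = split(owned, o, " "); for (i = 1; i <= n; i++) have[o[i]] = 1 }
        /-j SNAT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--to-source" || $i == "--to") {
                    ip = $(i + 1)
                    sub(/[:-].*/, "", ip)  # keep the first address of ip[-ip][:port]
                    if (!(ip in have)) print ip
                }
        }'
}

# Replies to 172.16.12.167 are ARPed for on the LAN; this host never answers,
# so the ping in the thread fails. Binding the address fixes it, e.g.
#   ip addr add 172.16.12.167/24 dev eth0   (the /24 is an assumption)
unowned_snat "$SAMPLE_RULES" "$SAMPLE_ADDRS"
```

On a live host, pass `"$(iptables -t nat -S POSTROUTING)"` and `"$(ip -o -4 addr show)"` as the two arguments.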

